Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:130360 X-Original-To: internals@lists.php.net Delivered-To: internals@lists.php.net Received: from php-smtp4.php.net (php-smtp4.php.net [45.112.84.5]) by lists.php.net (Postfix) with ESMTPS id 0924A1A00BC for ; Sun, 15 Mar 2026 19:50:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=php.net; s=mail; t=1773604237; bh=jiZnxrvnV63G8TatYtdFH3Z+NtMYGwElWnnQ5NAYvRg=; h=Date:Subject:To:References:From:In-Reply-To:From; b=I1yEF/mHNdc5Eqs92iuAHv/YaM9xNOBz2yPj+UgT/U4DhxDs+jFtzddE3OJi59Vuh EQ0JJ7WLR7z0em8gW8wsk3WZOIn+mki8XCimZ+VJApvczOKS6aSV/O5EwUF3IACrwJ PbDLtBRt+sWlso2HC6kI5vZgLN9baI2tJqiGXryYxztiQYUIAVixSr/halbl5L9NRY P6G7r4HFnVWLrGjZPyM/CA/QzsvPbaHBSlmV9OV5Klxx2HQUVNMu4irk8NUX1ckDcV MqpwQBbOjX/+0je0GPRIhmk7o/+RdTsxeZwsbz1H70cVfKSxI4oLWvgfnRVh1aOjPc Xh0ahIzcfXZ1A== Received: from php-smtp4.php.net (localhost [127.0.0.1]) by php-smtp4.php.net (Postfix) with ESMTP id AEB11180050 for ; Sun, 15 Mar 2026 19:50:36 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-25) on php-smtp4.php.net X-Spam-Level: X-Spam-Status: No, score=-0.1 required=5.0 tests=BAYES_50,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,DMARC_MISSING,RCVD_IN_DNSWL_LOW, SPF_HELO_PASS,SPF_PASS autolearn=no autolearn_force=no version=4.0.1 X-Spam-Virus: No X-Envelope-From: Received: from fout-a4-smtp.messagingengine.com (fout-a4-smtp.messagingengine.com [103.168.172.147]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by php-smtp4.php.net (Postfix) with ESMTPS for ; Sun, 15 Mar 2026 19:50:36 +0000 (UTC) Received: from phl-compute-02.internal (phl-compute-02.internal [10.202.2.42]) by mailfout.phl.internal (Postfix) with ESMTP id DB0FDEC061C for ; Sun, 15 Mar 2026 15:50:30 -0400 (EDT) Received: from phl-frontend-03 ([10.202.2.162]) by phl-compute-02.internal (MEProxy); Sun, 15 Mar 2026 15:50:30 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rwec.co.uk; h=cc :content-transfer-encoding:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1773604230; x=1773690630; bh=jy0OJitnCI83u6NIiVLDhpYqMPiXOyYiXq5CEB5gVAE=; b= YuO80m3sB6y30CnhzxyOwnyhJQzyZJIqCSycfebtuhc3WDP0DdSOrvORUozO2ksQ Xet7Iv+k9J/YBmfUPs+7q/YlRN3LPf+OjL6TiqxNDrq6zMl78WIBu5LI5+bSMUWS ISCncU6lrCjcK3yVAz73xp4fwl2y5KbXsgkAs7hytCj9YbNaz+96nmZyAk0A06tK X7sse+0eiqSGGVAtPsp77nC3TOjJ/vaYDzbQi/0/MvpUA5bqxIm5MrNdrFc7f4Ve Fw4Y8WBXwZaoz1wvPjp0QalYtFHOz35upC2P0yV7RekxgY7cliE9Obvkz6O0VGXD YN15c1WO8Ja6oo8VWu2vOg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :content-type:date:date:feedback-id:feedback-id:from:from :in-reply-to:in-reply-to:message-id:mime-version:references :reply-to:subject:subject:to:to:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; t=1773604230; x=1773690630; bh=j y0OJitnCI83u6NIiVLDhpYqMPiXOyYiXq5CEB5gVAE=; b=5NZ42M/KX7lsOGjW3 ks68MqeMEZOEd+qlUtdiGbLDSR9B8swtkxpAukH370waBkuP2tRJxHoJEUGBru+6 7f8NsF6kS70yYjkhiMYl7Nm7IOJ5wSzdCpsb4ftKHhu19xVE9mNDDDMX4jJ7Hb+u odt4yTQq59g1x5B6XJlKk/auyBSvxHYgr9J/2ph8hdcfOFtoKEuTbfpFKMfyNzHl eKbeyz6vf95s3shueK2CHPVRRGCCWWhxNRJ93As3tzPwXIUxyybB5939ATf6t/3K qCR/hgFO+/kfE7EdWytEV8RP1vvuW7QUtKqbaqw3bhh6wBAj8rlWEiTYl3tuoQuQ 5l6rg== X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefgedrtddtgddvleeifeejucetufdoteggodetrf dotffvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfurfetoffkrfgpnffqhgenuceu rghilhhouhhtmecufedttdenucenucfjughrpefkffggfgfuvfhfhfgjtgfgsehtjeertd dtvdejnecuhfhrohhmpedftfhofigrnhcuvfhomhhmihhnshculgfkoffuohfrngdfuceo ihhmshhophdrphhhphesrhifvggtrdgtohdruhhkqeenucggtffrrghtthgvrhhnpeejke fghfeugffgtdeuheeggfdugefhudekjefhteegieejleehveelhfefvdfhudenucevlhhu shhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehimhhsohhprdhphh hpsehrfigvtgdrtghordhukhdpnhgspghrtghpthhtohepuddpmhhouggvpehsmhhtphho uhhtpdhrtghpthhtohepihhnthgvrhhnrghlsheslhhishhtshdrphhhphdrnhgvth X-ME-Proxy: Feedback-ID: id5114917:Fastmail Received: by mail.messagingengine.com (Postfix) with ESMTPA for ; Sun, 15 Mar 2026 15:50:30 -0400 (EDT) Message-ID: <1915677b-05a7-4c7c-b53c-9812ed8ac3f2@rwec.co.uk> Date: Sun, 15 Mar 2026 19:50:29 +0000 Precedence: list list-help: list-unsubscribe: list-post: List-Id: x-ms-reactions: disallow MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [PHP-DEV] [RFC] php-community: a faster-moving, community-driven PHP. To: internals@lists.php.net References: <839153A0-004D-4562-BD6E-65923201EDAA@gmail.com> <299760A8-5C8A-41AD-B2EB-986079D41A47@rwec.co.uk> Content-Language: en-GB In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit From: imsop.php@rwec.co.uk ("Rowan Tommins [IMSoP]") On 15/03/2026 12:20, Daniil Gentili wrote: > The exact lifecycle is explicitly not defined to allow for more > flexibility, but it can have emergency yanks for security issues, just > like for all extensions. > > [...] > > The point here is that users MUST be able to rely on feature > extensions, including in the long-term: this is the reason for the > stringent removal requirements. > > [...] > > The feature owners handle all changes to feature extensions. You can't have it both ways: - either the PHP project is making a lasting promise to the user by accepting a feature extension, and therefore taking on a lasting obligation; - or, the obligation is entirely on the feature owner, and therefore the PHP project can't make any promise to the user Currently, we have a process for promising a feature will be supported "forever" (RFCs); and a mechanism for maintainers to make an independent promise which users can choose whether to trust (PIE). It might be interesting to make a more limited promise, such as "this feature will be supported for 1 year, then subject to breaking changes or removal". It might even be sensible to automatically "time out" every feature version after, say, 1 year, forcing one of three things: a) the feature has proven useful and stable, and is adopted permanently; b) the feature is still in flux, and users should migrate to a newer version; c) the feature has been abandoned, or proven impractical, and will no longer be provided. >> Why will somebody trust this branch containing a bunch of >> separately-maintained feature extensions any more than they would >> trust a repository of PIE extensions? If anything, it is far *more* >> dangerous, because the features aren't limited to the normal >> extension API. > > Sandboxing plays the single most important rule in building trust. This is a very different type of "sandboxing" than what is discussed in the RFC. We're not talking about "ask the extension nicely not to give the user file system access", we're talking about "trust the extension not to silently send all user input to a malicious server", and "trust the extension not to have memory leaks that will crash the entire host". >> >> I think this RFC is trying to do two conflicting things at once: >> >> 1) allow users to test far-reaching, experimental, changes to the >> language and engine >> 2) allow users to enable safe, stable, features without installing >> untrusted binaries >> > > These are not conflicting things, they complement each other. Perhaps the confusion is that there are two different kinds of stability we can talk about: - stability of the implementation: are the changes to the engine thoroughly tested, and free from crashes and incorrect behaviour? - stability of the API: can PHP code, and other extensions, be written to make use of the feature? A feature flag is suitable for hiding an unstable API, but it's not suitable for hiding an unstable implementation. -- Rowan Tommins [IMSoP]